Security Analysis While Transitioning from Monolithic Applications to Microservices

Abstract

Microservice architectures have evolved as an enticing alternative to more typical monolithic software application approaches. Microservices give various benefits in terms of code base knowledge, deployment, testability, and scalability. As the information technology (IT) industry expands, it makes sense for IT behemoths to adopt the microservice, but new software solutions creates new security vulnerabilities, as the technology is young and the faults have not been adequately mapped out. Authentication and authorization are key components of any software with a significant number of users. However, owing to the lack of microservice research, which derives from their relatively young, there are no specified design standards for how authentication and authorization are best performed in a microservice. This thesis analizes existing microservice in order to safeguard it using a security design pattern for authentication and authorization. Different security patterns were assessed and different degrees of security helped in identifying an acceptable security vs. performance trade-off.The objective was to strengthen the patterns' validity as known security patterns. Another purpose was to establish a security pattern that was suitable for the microservice.